Added support for group_add key

This PR will add support for `group_add` key which will map to supplemental group in pod security context.
2017-08-02 15:38:54 +05:30 · 2017-08-02 15:38:54 +05:30 · 641f8f8932
commit 641f8f8932
parent a9bffa6c6a
14 changed files with 282 additions and 33 deletions
--- a/pkg/kobject/kobject.go
+++ b/pkg/kobject/kobject.go
@ -98,6 +98,7 @@ type ServiceConfig struct {
 	TmpFs           []string            `compose:"tmpfs"`
 	Dockerfile      string              `compose:"dockerfile"`
 	Replicas        int                 `compose:"replicas"`
+	GroupAdd        []int64             `compose:"group_add"`
 	// Volumes is a struct which contains all information about each volume
 	Volumes []Volumes `compose:""`
 }
--- a/pkg/loader/compose/v1v2.go
+++ b/pkg/loader/compose/v1v2.go
@ -264,6 +264,14 @@ func libComposeToKomposeMapping(composeObject *project.Project) (kobject.Kompose
 		serviceConfig.MemLimit = composeServiceConfig.MemLimit
 		serviceConfig.TmpFs = composeServiceConfig.Tmpfs
 		serviceConfig.StopGracePeriod = composeServiceConfig.StopGracePeriod
+
+		// Get GroupAdd, group should be mentioned in gid format but not the group name
+		groupAdd, err := getGroupAdd(composeServiceConfig.GroupAdd)
+		if err != nil {
+			return kobject.KomposeObject{}, errors.Wrap(err, "GroupAdd should be mentioned in gid format, not a group name")
+		}
+		serviceConfig.GroupAdd = groupAdd
+
 		komposeObject.ServiceConfigs[normalizeServiceNames(name)] = serviceConfig
 		if normalizeServiceNames(name) != name {
 			log.Infof("Service name in docker-compose has been changed from %q to %q", name, normalizeServiceNames(name))
@ -390,3 +398,17 @@ func getVol(toFind kobject.Volumes, Vols []kobject.Volumes) (bool, kobject.Volum
 	}
 	return false, kobject.Volumes{}
 }
+
+// getGroupAdd will return group in int64 format
+func getGroupAdd(group []string) ([]int64, error) {
+	var groupAdd []int64
+	for _, i := range group {
+		j, err := strconv.Atoi(i)
+		if err != nil {
+			return nil, errors.Wrap(err, "unable to get group_add key")
+		}
+		groupAdd = append(groupAdd, int64(j))
+
+	}
+	return groupAdd, nil
+}
--- a/pkg/transformer/kubernetes/k8sutils.go
+++ b/pkg/transformer/kubernetes/k8sutils.go
@ -431,6 +431,11 @@ func (k *Kubernetes) UpdateKubernetesObjects(name string, service kobject.Servic
 			}
 		}

+		//set supplementalGroups
+		if service.GroupAdd != nil {
+			podSecurityContext.SupplementalGroups = service.GroupAdd
+		}
+
 		// Setup security context
 		securityContext := &api.SecurityContext{}
 		if service.Privileged {
--- a/pkg/transformer/kubernetes/kubernetes_test.go
+++ b/pkg/transformer/kubernetes/kubernetes_test.go
@ -55,6 +55,7 @@ func newServiceConfig() kobject.ServiceConfig {
 		TmpFs:         []string{"/tmp"},
 		Replicas:      2,
 		Volumes:       []kobject.Volumes{{SvcName: "app", MountPath: "/tmp/volume", PVCName: "app-claim0"}},
+		GroupAdd:      []int64{1003, 1005},
 	}
 }

--- a/script/test/cmd/tests.sh
+++ b/script/test/cmd/tests.sh
@ -174,6 +174,17 @@ convert::expect_success "kompose -f $KOMPOSE_ROOT/script/test/fixtures/tty-true/
 # openshift test
 convert::expect_success "kompose --provider openshift -f $KOMPOSE_ROOT/script/test/fixtures/tty-true/docker-compose.yml convert --stdout -j" "$KOMPOSE_ROOT/script/test/fixtures/tty-true/output-oc.json"

+# Test related to "group_add" in docker-compose
+# kubernetes test
+convert::expect_success "kompose -f $KOMPOSE_ROOT/script/test/fixtures/group-add/docker-compose.yml convert --stdout -j" "$KOMPOSE_ROOT/script/test/fixtures/group-add/output-k8s.json"
+# openshift test
+convert::expect_success "kompose --provider openshift -f $KOMPOSE_ROOT/script/test/fixtures/group-add/docker-compose.yml convert --stdout -j" "$KOMPOSE_ROOT/script/test/fixtures/group-add/output-os.json"
+
+# Test related to Failing "group_add" in docker-compose
+# kubernetes test
+convert::expect_failure "kompose -f $KOMPOSE_ROOT/script/test/fixtures/group-add/docker-compose-fail.yml convert --stdout -j"
+# openshift test
+convert::expect_failure "kompose --provider openshift -f $KOMPOSE_ROOT/script/test/fixtures/group-add/docker-compose-fail.yml convert --stdout -j"

 # Test related to kompose.expose.service label in docker compose file to ensure that services are exposed properly
 #kubernetes tests
--- a/script/test/fixtures/envvars-separators/output-k8s.json
+++ b/script/test/fixtures/envvars-separators/output-k8s.json
@ -1047,6 +1047,10 @@
                "name": "hygieia-udeploy",
                "image": "hygieia-udeploy-collector:latest",
                "env": [
+                  {
+                    "name": "UDEPLOY_PASSWORD",
+                    "value": "-s3cr3t"
+                  },
                  {
                    "name": "UDEPLOY_URL",
                    "value": "-http://udeploy.company.com"
@ -1054,10 +1058,6 @@
                  {
                    "name": "UDEPLOY_USERNAME",
                    "value": "-bobama"
-                  },
-                  {
-                    "name": "UDEPLOY_PASSWORD",
-                    "value": "-s3cr3t"
                  }
                ],
                "resources": {},
--- a/script/test/fixtures/etherpad/output-os.json
+++ b/script/test/fixtures/etherpad/output-os.json
@ -110,6 +110,14 @@
                  }
                ],
                "env": [
+                  {
+                    "name": "DB_DBID",
+                    "value": "etherpad"
+                  },
+                  {
+                    "name": "DB_HOST",
+                    "value": "mariadb"
+                  },
                  {
                    "name": "DB_PASS",
                    "value": "etherpad"
@ -121,14 +129,6 @@
                  {
                    "name": "DB_USER",
                    "value": "etherpad"
-                  },
-                  {
-                    "name": "DB_DBID",
-                    "value": "etherpad"
-                  },
-                  {
-                    "name": "DB_HOST",
-                    "value": "mariadb"
                  }
                ],
                "resources": {}
--- a/script/test/fixtures/group-add/docker-compose-fail.yml
+++ b/script/test/fixtures/group-add/docker-compose-fail.yml
@ -0,0 +1,6 @@
+version: '2'
+services:
+  myservice:
+    image: alpine
+    group_add:
+      - "mail"
--- a/script/test/fixtures/group-add/docker-compose.yml
+++ b/script/test/fixtures/group-add/docker-compose.yml
@ -0,0 +1,6 @@
+version: '2'
+services:
+  myservice:
+    image: alpine
+    group_add:
+      - "1234"
--- a/script/test/fixtures/group-add/output-k8s.json
+++ b/script/test/fixtures/group-add/output-k8s.json
@ -0,0 +1,73 @@
+{
+  "kind": "List",
+  "apiVersion": "v1",
+  "metadata": {},
+  "items": [
+    {
+      "kind": "Service",
+      "apiVersion": "v1",
+      "metadata": {
+        "name": "myservice",
+        "creationTimestamp": null,
+        "labels": {
+          "io.kompose.service": "myservice"
+        }
+      },
+      "spec": {
+        "ports": [
+          {
+            "name": "headless",
+            "port": 55555,
+            "targetPort": 0
+          }
+        ],
+        "selector": {
+          "io.kompose.service": "myservice"
+        },
+        "clusterIP": "None"
+      },
+      "status": {
+        "loadBalancer": {}
+      }
+    },
+    {
+      "kind": "Deployment",
+      "apiVersion": "extensions/v1beta1",
+      "metadata": {
+        "name": "myservice",
+        "creationTimestamp": null,
+        "labels": {
+          "io.kompose.service": "myservice"
+        }
+      },
+      "spec": {
+        "replicas": 1,
+        "template": {
+          "metadata": {
+            "creationTimestamp": null,
+            "labels": {
+              "io.kompose.service": "myservice"
+            }
+          },
+          "spec": {
+            "containers": [
+              {
+                "name": "myservice",
+                "image": "alpine",
+                "resources": {}
+              }
+            ],
+            "restartPolicy": "Always",
+            "securityContext": {
+              "supplementalGroups": [
+                1234
+              ]
+            }
+          }
+        },
+        "strategy": {}
+      },
+      "status": {}
+    }
+  ]
+}
--- a/script/test/fixtures/group-add/output-os.json
+++ b/script/test/fixtures/group-add/output-os.json
@ -0,0 +1,125 @@
+{
+  "kind": "List",
+  "apiVersion": "v1",
+  "metadata": {},
+  "items": [
+    {
+      "kind": "Service",
+      "apiVersion": "v1",
+      "metadata": {
+        "name": "myservice",
+        "creationTimestamp": null,
+        "labels": {
+          "io.kompose.service": "myservice"
+        }
+      },
+      "spec": {
+        "ports": [
+          {
+            "name": "headless",
+            "port": 55555,
+            "targetPort": 0
+          }
+        ],
+        "selector": {
+          "io.kompose.service": "myservice"
+        },
+        "clusterIP": "None"
+      },
+      "status": {
+        "loadBalancer": {}
+      }
+    },
+    {
+      "kind": "DeploymentConfig",
+      "apiVersion": "v1",
+      "metadata": {
+        "name": "myservice",
+        "creationTimestamp": null,
+        "labels": {
+          "io.kompose.service": "myservice"
+        }
+      },
+      "spec": {
+        "strategy": {
+          "resources": {}
+        },
+        "triggers": [
+          {
+            "type": "ConfigChange"
+          },
+          {
+            "type": "ImageChange",
+            "imageChangeParams": {
+              "automatic": true,
+              "containerNames": [
+                "myservice"
+              ],
+              "from": {
+                "kind": "ImageStreamTag",
+                "name": "myservice:latest"
+              }
+            }
+          }
+        ],
+        "replicas": 1,
+        "test": false,
+        "selector": {
+          "io.kompose.service": "myservice"
+        },
+        "template": {
+          "metadata": {
+            "creationTimestamp": null,
+            "labels": {
+              "io.kompose.service": "myservice"
+            }
+          },
+          "spec": {
+            "containers": [
+              {
+                "name": "myservice",
+                "image": " ",
+                "resources": {}
+              }
+            ],
+            "restartPolicy": "Always",
+            "securityContext": {
+              "supplementalGroups": [
+                1234
+              ]
+            }
+          }
+        }
+      },
+      "status": {}
+    },
+    {
+      "kind": "ImageStream",
+      "apiVersion": "v1",
+      "metadata": {
+        "name": "myservice",
+        "creationTimestamp": null,
+        "labels": {
+          "io.kompose.service": "myservice"
+        }
+      },
+      "spec": {
+        "tags": [
+          {
+            "name": "latest",
+            "annotations": null,
+            "from": {
+              "kind": "DockerImage",
+              "name": "alpine"
+            },
+            "generation": null,
+            "importPolicy": {}
+          }
+        ]
+      },
+      "status": {
+        "dockerImageRepository": ""
+      }
+    }
+  ]
+}
--- a/script/test/fixtures/restart-options/output-k8s-restart-onfail.json
+++ b/script/test/fixtures/restart-options/output-k8s-restart-onfail.json
@ -33,4 +33,3 @@
    }
  ]
 }
-
--- a/script/test/fixtures/volume-mounts/volumes-from/output-k8s-case.json
+++ b/script/test/fixtures/volume-mounts/volumes-from/output-k8s-case.json
@ -105,18 +105,18 @@
          },
          "spec": {
            "volumes": [
-              {
-                "name": "bar-claim1",
-                "persistentVolumeClaim": {
-                  "claimName": "bar-claim1"
-                }
-              },
              {
                "name": "foo-claim0",
                "persistentVolumeClaim": {
                  "claimName": "foo-claim0"
                }
              },
+              {
+                "name": "bar-claim1",
+                "persistentVolumeClaim": {
+                  "claimName": "bar-claim1"
+                }
+              },
              {
                "name": "foo-claim1",
                "persistentVolumeClaim": {
@ -140,14 +140,14 @@
                ],
                "resources": {},
                "volumeMounts": [
-                  {
-                    "name": "bar-claim1",
-                    "mountPath": "/bar"
-                  },
                  {
                    "name": "foo-claim0",
                    "mountPath": "/foo1"
                  },
+                  {
+                    "name": "bar-claim1",
+                    "mountPath": "/bar"
+                  },
                  {
                    "name": "foo-claim1",
                    "mountPath": "/foo2"
--- a/script/test/fixtures/volume-mounts/volumes-from/output-os-case.json
+++ b/script/test/fixtures/volume-mounts/volumes-from/output-os-case.json
@ -131,18 +131,18 @@
          },
          "spec": {
            "volumes": [
-              {
-                "name": "bar-claim1",
-                "persistentVolumeClaim": {
-                  "claimName": "bar-claim1"
-                }
-              },
              {
                "name": "foo-claim0",
                "persistentVolumeClaim": {
                  "claimName": "foo-claim0"
                }
              },
+              {
+                "name": "bar-claim1",
+                "persistentVolumeClaim": {
+                  "claimName": "bar-claim1"
+                }
+              },
              {
                "name": "foo-claim1",
                "persistentVolumeClaim": {
@ -166,14 +166,14 @@
                ],
                "resources": {},
                "volumeMounts": [
-                  {
-                    "name": "bar-claim1",
-                    "mountPath": "/bar"
-                  },
                  {
                    "name": "foo-claim0",
                    "mountPath": "/foo1"
                  },
+                  {
+                    "name": "bar-claim1",
+                    "mountPath": "/bar"
+                  },
                  {
                    "name": "foo-claim1",
                    "mountPath": "/foo2"